epan/dissectors/packet-e100.c

   1 /* packet-e100.c
   2  * Routines for Arbor Networks E100 packet encapsulation disassembly
   3  *
   4  * Copyright (c) 2009 by Bradley Higgins <bhiggins@arbor.net>
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1999 Gerald Combs
   9  *
  10  * SPDX-License-Identifier: GPL-2.0-or-later
  11  */
  12
  13 #include "config.h"
  14
  15 #include <epan/packet.h>
  16
  17 void proto_register_e100(void);
  18 void proto_reg_handoff_e100(void);
  19
  20 static int proto_e100;
  21
  22 static dissector_handle_t eth_handle;
  23
  24 /* Dissector tree globals */
  25 static int hf_e100_header;
  26 static int hf_e100_port;
  27 static int hf_e100_seq;
  28 static int hf_e100_ip;
  29 static int hf_e100_mon_pkt_id;
  30 static int hf_e100_pkt_ts;
  31 static int hf_e100_bytes_cap;
  32 static int hf_e100_bytes_orig;
  33
  34 static int ett_e100;
  35
  36 /* E100 encapsulated packet offsets */
  37 typedef struct _e100_encap
  38 {
  39     unsigned offset;
  40     unsigned len;
  41 } e100_encap;
  42
  43 static e100_encap e100_header_ver = {0, 1};
  44 static e100_encap e100_port_recv  = {1, 1};
  45 static e100_encap e100_seq        = {2, 2};
  46 static e100_encap e100_ip         = {4, 4};
  47 static e100_encap e100_mon_pkt_id = {8, 4};
  48 static e100_encap e100_ts         = {12, 8};
  49 static e100_encap e100_bytes_cap  = {20, 4};
  50 static e100_encap e100_bytes_orig = {24, 4};
  51 static unsigned e100_encap_len = 28;
  52
  53
  54 static int
  55 dissect_e100(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
  56 {
  57     tvbuff_t *next_tvb;
  58     uint32_t bytes_captured;
  59     uint32_t bytes_original;
  60     proto_item *ti;
  61     proto_tree *e100_tree;
  62
  63     /* heuristic testing:
  64      * (1) tvb packet is larger than e100 packet
  65      * (2) e100 header is 1
  66      * (3) e100 capture size matches tvb packet size
  67      */
  68     if (tvb_captured_length(tvb) < e100_encap_len ||
  69         tvb_get_uint8(tvb, e100_header_ver.offset) != 1 ||
  70         tvb_get_ntohl(tvb, e100_bytes_cap.offset) != tvb_reported_length(tvb)-e100_encap_len)
  71     {
  72         /* Not one of our packets. */
  73         return 0;
  74     }
  75
  76     col_set_str(pinfo->cinfo, COL_PROTOCOL, "e100");
  77     col_set_str(pinfo->cinfo, COL_INFO, "E100 Encapsulated Packet");
  78
  79     ti = proto_tree_add_item(tree, proto_e100, tvb, 0, e100_encap_len, ENC_NA);
  80     e100_tree = proto_item_add_subtree(ti, ett_e100);
  81
  82     proto_tree_add_item(e100_tree, hf_e100_header, tvb,
  83             e100_header_ver.offset, e100_header_ver.len, ENC_BIG_ENDIAN);
  84     proto_tree_add_item(e100_tree, hf_e100_port, tvb,
  85             e100_port_recv.offset, e100_port_recv.len, ENC_BIG_ENDIAN);
  86     proto_tree_add_item(e100_tree, hf_e100_seq, tvb,
  87             e100_seq.offset, e100_seq.len, ENC_BIG_ENDIAN);
  88     proto_tree_add_item(e100_tree, hf_e100_ip, tvb,
  89             e100_ip.offset, e100_ip.len, ENC_BIG_ENDIAN);
  90     proto_tree_add_item(e100_tree, hf_e100_mon_pkt_id, tvb,
  91             e100_mon_pkt_id.offset, e100_mon_pkt_id.len, ENC_BIG_ENDIAN);
  92     proto_tree_add_item(e100_tree, hf_e100_pkt_ts, tvb,
  93             e100_ts.offset, e100_ts.len, ENC_TIME_SECS_USECS|ENC_BIG_ENDIAN);
  94     proto_tree_add_item_ret_uint(e100_tree, hf_e100_bytes_cap, tvb,
  95             e100_bytes_cap.offset, e100_bytes_cap.len, ENC_BIG_ENDIAN,
  96             &bytes_captured);
  97     proto_tree_add_item_ret_uint(e100_tree, hf_e100_bytes_orig, tvb,
  98             e100_bytes_orig.offset, e100_bytes_orig.len, ENC_BIG_ENDIAN,
  99             &bytes_original);
 100
 101     next_tvb = tvb_new_subset_length_caplen(tvb, e100_encap_len,
 102             bytes_captured, bytes_original);
 103     call_dissector(eth_handle, next_tvb, pinfo, tree);
 104
 105     return tvb_captured_length(tvb);
 106 }
 107
 108 static bool
 109 dissect_e100_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 110 {
 111     return dissect_e100(tvb, pinfo, tree, data) > 0;
 112 }
 113
 114 void
 115 proto_register_e100(void)
 116 {
 117     static hf_register_info hf[] =
 118     {
 119     { &hf_e100_header,
 120         { "Header Version",
 121             "e100.version",
 122             FT_UINT8,
 123             BASE_DEC,
 124             NULL, 0x0, NULL, HFILL
 125         }
 126     },
 127     { &hf_e100_port,
 128         { "E100 Port Received",
 129             "e100.port_recv",
 130             FT_UINT8,
 131             BASE_DEC,
 132             NULL, 0x0, NULL, HFILL
 133         }
 134     },
 135     { &hf_e100_seq,
 136         { "Sequence Number",
 137             "e100.seq_num",
 138             FT_UINT16,
 139             BASE_DEC,
 140             NULL, 0x0, NULL, HFILL
 141         }
 142     },
 143     {  &hf_e100_ip,
 144         { "E100 IP Address",
 145             "e100.ip",
 146             FT_IPv4,
 147             BASE_NONE,
 148             NULL, 0x0, NULL, HFILL
 149         }
 150     },
 151     { &hf_e100_mon_pkt_id,
 152         { "Monitor Packet ID",
 153             "e100.mon_pkt_id",
 154             FT_UINT32,
 155             BASE_DEC,
 156             NULL, 0x0, NULL, HFILL
 157         }
 158     },
 159     { &hf_e100_pkt_ts,
 160         { "Packet Capture Timestamp",
 161             "e100.pkt_ts",
 162             FT_ABSOLUTE_TIME,
 163             ABSOLUTE_TIME_LOCAL,
 164             NULL, 0x0, NULL, HFILL
 165         }
 166     },
 167     { &hf_e100_bytes_cap,
 168         { "Bytes Captured",
 169             "e100.bytes_cap",
 170             FT_UINT32,
 171             BASE_DEC,
 172             NULL, 0x0, NULL, HFILL
 173         }
 174     },
 175     { &hf_e100_bytes_orig,
 176         { "Bytes in Original Packet",
 177             "e100.bytes_orig",
 178             FT_UINT32,
 179             BASE_DEC,
 180             NULL, 0x0, NULL, HFILL
 181         }
 182     }
 183     };
 184
 185     /* Setup protocol subtree array */
 186     static int *ett[] =
 187     {
 188         &ett_e100
 189     };
 190
 191     proto_e100 = proto_register_protocol("E100 Encapsulation", "E100", "e100");
 192     proto_register_field_array(proto_e100, hf, array_length(hf));
 193     proto_register_subtree_array(ett, array_length(ett));
 194 }
 195
 196 void
 197 proto_reg_handoff_e100(void)
 198 {
 199     /* Check all UDP traffic, as the specific UDP port is configurable */
 200     heur_dissector_add("udp", dissect_e100_heur, "E100 over UDP", "e100_udp", proto_e100, HEURISTIC_ENABLE);
 201     /* e100 traffic encapsulates traffic from the ethernet frame on */
 202     eth_handle = find_dissector_add_dependency("eth_withoutfcs", proto_e100);
 203 }
 204
 205 /*
 206  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 207  *
 208  * Local variables:
 209  * c-basic-offset: 4
 210  * tab-width: 8
 211  * indent-tabs-mode: nil
 212  * End:
 213  *
 214  * vi: set shiftwidth=4 tabstop=8 expandtab:
 215  * :indentSize=4:tabSize=8:noTabs=true:
 216  */